CVE-2016-3165

high

Published 2016-04-12 · Modified 2024-04-23

CVSS v3

7.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2

5.0

VIR risk

7.5

Description

Drupal Form API ignores access restrictions on submit buttons

Exploit likelihood

83%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.drupal.org/SA-CORE-2016-001

Ecosystem	Package	Vulnerable	Fixed
Packagist	drupal/core	`>=6.0,<6.38`	`6.38`
Packagist	drupal/drupal	`>=6.0,<6.38`	`6.38`

Vendor	Product	Versions
drupal	drupal	`6.0`
drupal	drupal	`6.1`
drupal	drupal	`6.2`
drupal	drupal	`6.3`
drupal	drupal	`6.4`
drupal	drupal	`6.5`
drupal	drupal	`6.6`
drupal	drupal	`6.7`
drupal	drupal	`6.8`
drupal	drupal	`6.9`
drupal	drupal	`6.10`
drupal	drupal	`6.11`
drupal	drupal	`6.12`
drupal	drupal	`6.13`
drupal	drupal	`6.14`
drupal	drupal	`6.15`
drupal	drupal	`6.16`
drupal	drupal	`6.17`
drupal	drupal	`6.18`
drupal	drupal	`6.19`
drupal	drupal	`6.20`
drupal	drupal	`6.21`
drupal	drupal	`6.22`
drupal	drupal	`6.23`
drupal	drupal	`6.24`
drupal	drupal	`6.25`
drupal	drupal	`6.26`
drupal	drupal	`6.27`
drupal	drupal	`6.28`
drupal	drupal	`6.29`
drupal	drupal	`6.30`
drupal	drupal	`6.31`
drupal	drupal	`6.32`
drupal	drupal	`6.33`
drupal	drupal	`6.34`
drupal	drupal	`6.35`
drupal	drupal	`6.36`
drupal	drupal	`6.37`

CWE-284

Verify integrity in audit chain (admin only). AS-IS.